Process Explorer 16.0 brings Virustotal support

Process Explorer provides you with information that the Windows Task Manager does not offer. While you can use the default task manager to check the running processes on a system, that is about as far as it goes.

Process Explorer adds a multitude of information so that you can check each running process thoroughly on the system. It is for instance possible to check the command line parameters that a process was started with, get a list of all of a process's threads, files and Registry keys that it makes use of, or get detailed performance or network statistics.

It is a program for professionals mostly, but it has its uses for regular users as well. The most recent version of Process Explorer was released today to Microsoft's Windows Sysinternals website.

Process Explorer 16 introduces Virustotal support to the application. Here is how this works.

When you start Process Explorer you can enable Virustotal checks in two ways. You can either right-click any process listed by the application and select the "check Virustotal" option from the context menu, or select Options > Virustotal.com > Check Virustotal instead.

Process Explorer will check file hashes on Virustotal by default, and display the results in its interface. The process itself does not take long, and you should see the number of hits and the total number of engines used to scan the file in the Process Explorer window.


What happens when an unknown executable is discovered? Nothing, unless you enable the sending of unknown executables under Options > Virustotal.com.

If you do, unknown files get automatically transferred to Virustotal where they are scanned by all malware engines. The result is then displayed by Process Explorer, and is also available to all other users who may run into the same file on their system.

All Virustotal results are links, which means that you can click on a link to be taken to the review page on Virustotal to access the detailed results of the scan.
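The hash-only lookup described above can be sketched as follows. This is an added example, not Process Explorer's own code: it assumes SHA-256 as the hash (the article only says "file hashes") and the response shape of VirusTotal's public API v3 file report, and the function names and sample files are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large images are never held in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verdict(status, body):
    """Map a file-report response to 'hits/total', or 'unknown' for an unseen hash."""
    if status == 404:
        return "unknown"  # nothing is uploaded; sending the file is a separate opt-in
    if status != 200:
        raise RuntimeError(f"unexpected HTTP status {status}")
    stats = json.loads(body)["data"]["attributes"]["last_analysis_stats"]
    # Assumption: total = engines that returned a verdict (timeouts/failures excluded).
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    return f"{stats.get('malicious', 0)}/{total}"

def check_images(paths, fetch):
    """Look up each distinct image hash once; only the digest is handed to fetch()."""
    cache, results = {}, {}
    for path in dict.fromkeys(paths):  # many processes share one image
        digest = sha256_of(path)
        if digest not in cache:
            cache[digest] = verdict(*fetch(digest))
        results[path] = cache[digest]
    return results

def demo():
    """Run against constructed files and a constructed response; no network access."""
    report = json.dumps({"data": {"attributes": {"last_analysis_stats": {
        "malicious": 1, "suspicious": 0, "undetected": 48, "harmless": 0, "timeout": 2}}}})
    with tempfile.TemporaryDirectory() as d:
        known, unseen = os.path.join(d, "known.exe"), os.path.join(d, "unseen.exe")
        for path, data in ((known, b"constructed image A"), (unseen, b"constructed image B")):
            with open(path, "wb") as f:
                f.write(data)
        known_hash = sha256_of(known)
        # fake_fetch stands in for GET https://www.virustotal.com/api/v3/files/<sha256>
        fake_fetch = lambda h: (200, report) if h == known_hash else (404, "")
        found = check_images([known, unseen, known], fake_fetch)
        return {os.path.basename(p): v for p, v in found.items()}
```

Because only the digest is passed to `fetch()`, an unseen file comes back as "unknown" and its contents stay on the machine unless uploading is deliberately enabled.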

Verdict

Integration of Virustotal adds another useful feature to Process Explorer. The ability to quickly scan all running processes for traces of malware deserves special mention, as it lets you check everything that is running on the system.

The scanning is unobtrusive and works well, provided that you do not run any files that are greater than the maximum allowed file size of Virustotal. (via Carsten Knobloch)


Responses to Process Explorer 16.0 brings Virustotal support

  1. ytopi January 30, 2014 at 5:27 pm #

    The only thing I get is "JSON object could not be decoded".

  2. Tim January 30, 2014 at 7:20 pm #

    Nice addition, but it's buggy. When I select 'Show Lower Plane' with Virus Total checking switched on, it causes procexp64.exe to crash. Something about BEX64 whatever that is.

    • Martin Brinkmann January 30, 2014 at 7:46 pm #

      Good to know. The only issue that I experienced was that no value was returned for some files, but that was likely a transfer issue. After a restart, all files checked out fine.

  3. Tim January 30, 2014 at 7:22 pm #

    Nice addition, but it's buggy. When I select 'Show Lower Plane' with Virus Total switched on, it causes procexp64.exe to crash. Something about BEX64, whatever that is.

  4. Karl Gephart January 30, 2014 at 9:45 pm #

    Very nice! After right-clicking, I'm getting a link under the Virus Total column in PE that takes me to a web page with a nice rundown of all the major AV services and safety checkmarks.

  5. beemeup2 February 1, 2014 at 3:48 pm #

    I have used Process Explorer a lot and still do, but I also like Process Hacker:
    http://processhacker.sourceforge.net/

    Process Hacker has more customization options than Process Explorer, but they're both great programs that I find indispensable. Every toolkit should have at least one of these programs, if not both.

  6. rnoire February 4, 2014 at 9:26 am #

    Funny how procexp.exe itself got a hit on Virustotal on that screenshot...LOL.
    Anyway, this nice and nifty new feature makes Process Explorer my top application for Windows!

  7. Quantum777 February 4, 2014 at 1:07 pm #

    Yeah I laughed when I saw that too!
    What did the link to Virustotal say?

    • Martin Brinkmann February 4, 2014 at 1:29 pm #

      I did not look it up, and it is gone now. Was 100% sure it was a false positive, so likely some "gen" generic hit.

  8. joseph coyle February 4, 2014 at 3:16 pm #

    Nice update, but v16 shows my icore 7440 as having only 4 cores - everywhere else it shows up as having 8.

  9. Ted February 5, 2014 at 7:56 pm #

    VirusTotal added a new AV yesterday: AegisLab
    Process Explorer now shows 15 detections for Windows 7 OS processes, all from AegisLab
    Anyone else noticing this?
